We’ll soon look back on 2012 as the year the future of electronic identity credentialing began to appear out of the cloud – pun intended.
For years, the electronic identity credentialing space has been trying to climb out of the siloed user ID/password hole. Many initiatives and technologies have been thrown at the problem, with notable successes, such as the academic InCommon and related academic federations based on the Shibboleth/SAML technology sponsored by OASIS and Internet2.
These local successes – many with millions of users, so I mean no slight when I call them local – led to the federated identity management initiatives. The U.S. government has a lot to be proud of in this space, having initiated and then led a number of the technical, policy and practice efforts to enable federated identity management globally.
Three converging currents predict what is about to happen:
- For years, common credit cards in Europe have carried a digital certificate chip. In 2012, the U.S. credit industry committed to converting from the ubiquitous mag-stripe format to a smart card compatible with the European credit card by 2015.
- A bill has been introduced in Congress to direct the Centers for Medicare and Medicaid Services (CMS) to issue high assurance digital credentials to all citizens receiving CMS benefits; this encompasses every citizen over the age of 65 and many millions of others receiving Medicare and/or Medicaid services. Whether it passes or not, it points to the trend of governments credentialing their citizens. Many European and Pacific Rim nations already issue and manage high assurance digital credentials to their citizens.
- Verizon has announced that it is moving from being a telecom company to an e-services company. The first step in this evolution is Verizon’s fourth quarter issuance of its Universal Identity Solution, zero-footprint credential. It links to all of the subscriber’s mobile and digital devices and is both user-friendly and high assurance.
These three sources: credit industry, governments and telcos, will credential every one of us, ending the current situation in which companies, web sites, identity federations and communities of interest issue many kinds of credentials. This will be accompanied by the end of debates over technology interchange protocols, trust levels, policies, goals and standards.
The new challenge will be getting the “Big Dogs” to adopt three of the four goals of NSTIC: interoperability, user-friendliness and privacy enhancing. In all likelihood the fourth, voluntary opt-in, a relic of the birth of the goals in a U.S. government office, is likely to be deemed unnecessary and irrelevant by the telcos and the credit card consortium.
There will be clear winners in this Brave New World. U.S. businesses would do well to align with Federal PKI Architecture and/or FICAM-approved credential issuers. SAFE-BioPharma credentials fall into this category, and are likely to be among the long-term smart options. Relying on bank-issued ATM cards, next-generation smart card-based credit cards and mobile-device-based credentials issued by the major telcos will also be good bets.